Patrick Schleizer
|
eb3e0b9292
|
bumped changelog version
|
2024-02-22 14:52:55 +00:00 |
|
Patrick Schleizer
|
c0924321b8
|
fix systemd unit ExecStart
|
2024-02-22 09:52:36 -05:00 |
|
Patrick Schleizer
|
d148a769b7
|
bumped changelog version
|
2024-02-22 14:50:05 +00:00 |
|
Patrick Schleizer
|
6d7cf3c12a
|
output
|
2024-02-22 09:49:48 -05:00 |
|
Patrick Schleizer
|
f7831db197
|
do not exit non-zero if folder does not exist
|
2024-02-22 09:17:41 -05:00 |
|
Patrick Schleizer
|
5bdd7b8475
|
output
|
2024-02-22 09:14:52 -05:00 |
|
Patrick Schleizer
|
44a15cd97d
|
mount --make-private
https://github.com/Kicksecure/security-misc/issues/172
|
2024-02-22 09:13:56 -05:00 |
|
Patrick Schleizer
|
c0f98b05b6
|
comment
https://github.com/Kicksecure/security-misc/pull/202
|
2024-02-22 06:03:59 -05:00 |
|
Patrick Schleizer
|
1e1613aa93
|
allow /opt exec as usually optional binaries are placed there such as firefox
https://github.com/Kicksecure/security-misc/pull/202
|
2024-02-22 06:02:28 -05:00 |
|
Patrick Schleizer
|
7c7b4b24b4
|
fix home_noexec_maybe -> most_noexec_maybe
https://github.com/Kicksecure/security-misc/pull/202
|
2024-02-22 06:02:00 -05:00 |
|
Patrick Schleizer
|
38783faf60
|
add more bind mounts of mount options hardening
as suggested in https://github.com/Kicksecure/security-misc/pull/202
|
2024-02-22 05:58:53 -05:00 |
|
Patrick Schleizer
|
ad9d913902
|
bumped changelog version
|
2024-02-03 18:28:27 +00:00 |
|
Patrick Schleizer
|
02090da08c
|
Merge remote-tracking branch 'github-kicksecure/master'
|
2024-02-03 12:51:07 -05:00 |
|
Patrick Schleizer
|
ba13657d89
|
Merge pull request #197 from raja-grewal/mitigations
Additional Explicit CPU Mitigations
|
2024-02-03 12:50:28 -05:00 |
|
raja-grewal
|
b16c99ab62
|
Remove hardcoded spec_rstack_overflow setting
|
2024-01-29 13:39:40 +00:00 |
|
raja-grewal
|
139b10a9aa
|
Control RAS overflow mitigation on AMD Zen CPUs
|
2024-01-29 12:59:13 +00:00 |
|
raja-grewal
|
6c54e35027
|
Enable mitigations for RETBleed vulnerability and disable SMT
|
2024-01-29 12:58:51 +00:00 |
|
raja-grewal
|
4509a5fc95
|
Enable known mitigations for CPU vulnerabilities and disable SMT
|
2024-01-29 12:58:14 +00:00 |
|
raja-grewal
|
4231155efa
|
Add reference for kernel parameters
|
2024-01-29 12:57:48 +00:00 |
|
Patrick Schleizer
|
8037ce52f9
|
bumped changelog version
|
2024-01-25 13:59:29 +00:00 |
|
Patrick Schleizer
|
185bfe7497
|
use interest-noawait instead of interest-await
fixes https://github.com/Kicksecure/security-misc/issues/196
|
2024-01-25 06:54:36 -05:00 |
|
Patrick Schleizer
|
64e41b113c
|
bumped changelog version
|
2024-01-18 14:10:51 +00:00 |
|
Patrick Schleizer
|
1855fa08b1
|
readme
|
2024-01-18 08:54:39 -05:00 |
|
Patrick Schleizer
|
f0e2a82b55
|
bumped changelog version
|
2024-01-17 19:18:25 +00:00 |
|
Patrick Schleizer
|
314e5b490c
|
use wildcards
instead of outdated, incomplete list
https://github.com/Kicksecure/security-misc/issues/160
|
2024-01-17 14:03:09 -05:00 |
|
Patrick Schleizer
|
08619d6a73
|
minor RPM updates
https://github.com/Kicksecure/security-misc/issues/160
|
2024-01-17 13:59:36 -05:00 |
|
Patrick Schleizer
|
3048e0ac76
|
usrmerge
https://github.com/Kicksecure/security-misc/issues/190
|
2024-01-17 13:54:07 -05:00 |
|
Patrick Schleizer
|
5a6cd4c2ab
|
remove now empty /bin from copying since it is empty after usrmerge
https://github.com/Kicksecure/security-misc/issues/190
|
2024-01-17 13:51:30 -05:00 |
|
Patrick Schleizer
|
071b984a1e
|
sort -d
https://github.com/Kicksecure/security-misc/issues/190
|
2024-01-17 13:49:05 -05:00 |
|
Patrick Schleizer
|
011e55e3e5
|
remove duplicates after usrmerge
https://github.com/Kicksecure/security-misc/issues/190
|
2024-01-17 13:45:17 -05:00 |
|
Patrick Schleizer
|
0efee2f50f
|
usrmerge
fixes https://github.com/Kicksecure/security-misc/issues/190
|
2024-01-17 13:39:56 -05:00 |
|
Patrick Schleizer
|
18a06935e0
|
run permission hardener when new packages are install files to /usr or /opt
(basically anywhere)
fixes https://github.com/Kicksecure/security-misc/issues/189
|
2024-01-17 13:23:20 -05:00 |
|
Patrick Schleizer
|
66e6371221
|
bumped changelog version
|
2024-01-16 14:26:34 +00:00 |
|
Patrick Schleizer
|
0d78ecaee3
|
README
|
2024-01-16 09:26:21 -05:00 |
|
Patrick Schleizer
|
3ba8fe586e
|
update permission-hardener.service
Which is now only an additional opt-in systemd unit,
because permission-hardener is run by default at security-misc
package installation time.
https://github.com/Kicksecure/security-misc/pull/181
|
2024-01-16 09:23:54 -05:00 |
|
Patrick Schleizer
|
186f6015da
|
bumped changelog version
|
2024-01-16 14:14:18 +00:00 |
|
Patrick Schleizer
|
6aa55698ab
|
delete legacy folder /etc/permission-hardening.d if empty
https://github.com/Kicksecure/security-misc/pull/181
|
2024-01-16 09:10:59 -05:00 |
|
Patrick Schleizer
|
9cafd78fe2
|
rm_conffile /etc/permission-hardening.d
https://github.com/Kicksecure/security-misc/pull/181
|
2024-01-16 09:05:09 -05:00 |
|
Patrick Schleizer
|
fa53848b5c
|
bumped changelog version
|
2024-01-16 13:58:55 +00:00 |
|
Patrick Schleizer
|
4f7973bc56
|
comment
|
2024-01-16 08:56:26 -05:00 |
|
Patrick Schleizer
|
ed7c09fc46
|
permission-hardening -> permission-hardener migration
mv --verbose /var/lib/permission-hardening /var/lib/permission-hardener
https://github.com/Kicksecure/security-misc/pull/181
|
2024-01-16 08:45:13 -05:00 |
|
Patrick Schleizer
|
a90cd43631
|
fix postinst for new permission-hardener
https://github.com/Kicksecure/security-misc/pull/181
|
2024-01-16 08:32:52 -05:00 |
|
Patrick Schleizer
|
862bf6b5ab
|
Merge remote-tracking branch 'ben-grande/clean'
|
2024-01-16 08:19:28 -05:00 |
|
Patrick Schleizer
|
dc8d9eece3
|
bumped changelog version
|
2024-01-09 05:52:49 +00:00 |
|
Patrick Schleizer
|
1199871d7b
|
undo IPv6 privacy due to potential server issues
https://github.com/Kicksecure/security-misc/issues/184
|
2024-01-07 06:37:34 -05:00 |
|
Patrick Schleizer
|
128bb01b35
|
undo IPv6 privacy due to potential server issues
https://github.com/Kicksecure/security-misc/issues/184
|
2024-01-07 06:36:25 -05:00 |
|
Patrick Schleizer
|
df0f9d3267
|
README
|
2024-01-06 09:19:57 -05:00 |
|
Patrick Schleizer
|
86f91e3030
|
revert umask 027 by default
because broken because this also happens for root while it should not
https://github.com/Kicksecure/security-misc/issues/185
|
2024-01-06 09:11:54 -05:00 |
|
Patrick Schleizer
|
3f1304403f
|
disable MAC randomization in Network Manager (NM) because it breaks VirtualBox DHCP
https://github.com/Kicksecure/security-misc/issues/184
|
2024-01-06 08:15:31 -05:00 |
|
Patrick Schleizer
|
e8f8dcd0fb
|
bumped changelog version
|
2024-01-04 02:03:26 +00:00 |
|